From what I recall the “Internet or network address” is mislabelled in the Windows UI as it is actually called “TargetName” in the Windows API and can be any string. This is the name that you refer to with the secret manager.
Yes, that is how it works.
The translation will look for $duplicati-server and check the Windows Credentials for an entry with the “internet or network address” value “duplicati-server”, and then replace it with the password. The username is not currently used by Duplicati.
If any of the values cannot be resolved, the start will fail.
For a slightly better testing experience, you can use the commandline and then:
Duplicati.CommandLine.SecretTool.exe test wincred:// duplicati-server
The output will tell you if the lookup works.